Legal claims defining the scope of protection, as filed with the USPTO.
1. A secure Elliptic Curve Cryptosystem (ECC) for performing elliptic scalar operations, the ECC comprising: a secure microcontroller that is embedded in a computing system, the secure microcontroller comprising a cryptography circuit configured to implement a countermeasure and prevent secret scalar leakage; and a memory to store a secret scalar, k, that comprises secret key bits, the cryptography circuit performing elliptic scalar operations comprising instructions for: receiving an elliptic point, P/2, and the secret scalar, k; initializing a value Q to the elliptic point that does not include an initial value at an infinity point; processing the secret key bits of the secret scalar in sequential steps, wherein processing comprises doubling the value Q, wherein each step comprises performing elliptic operations comprising at least one of elliptical point subtraction or addition; performing an elliptical point subtraction by subtracting the elliptic point, P/2, from the value Q to compute a product kP; and determining a difference between the value Q and the elliptic point outside of a balanced loop configuration to protect a least significant bit from a power analysis attack.
2. The secure ECC according to claim 1 , further comprising a state machine that performs one or more of the elliptic scalar operations.
3. The secure ECC according to claim 1 , further comprising a register initialized to a point other than a point at infinity.
4. The secure ECC according to claim 1 , further comprising a secret most significant bit that is set to zero.
5. The secure ECC according to claim 1 , wherein the cryptography circuit is configured to perform a point verification operation to protect against fault attacks.
6. The secure ECC according to claim 1 , further comprising memory to store intermediate results of the elliptic scalar operations.
7. A secure Elliptic Curve Cryptosystem (ECC) for performing elliptic scalar operations, the ECC comprising: a secure microcontroller that is embedded in a computing system that comprises a cryptography circuit configured to implement a countermeasure and prevent secret scalar leakage; and a memory to store a secret scalar, k, that comprises secret key bits, the cryptography circuit performing elliptic scalar operations comprising instructions for: receiving an elliptic point, P/2, and the secret scalar, k; initializing a value Q to the elliptic point that does not include an initial value at an infinity point; processing the secret key bits of the secret scalar in sequential steps, wherein processing comprises doubling the value Q, wherein each sequential step comprises performing elliptic operations comprising at least one of elliptical point subtraction and addition; performing an elliptical point subtraction by subtracting the elliptic point, P/2, from the value Q to compute a product kP; and determining a difference between the value Q and the elliptic point outside of a balanced loop configuration to protect a least significant bit from a safe error attack.
8. The secure ECC according to claim 7 , further comprising a state machine that performs one or more of the elliptic scalar operations.
9. The secure ECC according to claim 7 , further comprising a register that is initialized to a point other than a point at infinity.
10. The secure ECC according to claim 7 , further comprising a secret most significant bit that is set to zero.
11. The secure ECC according to claim 7 , wherein the cryptography circuit is configured to perform a point verification operation to protect against fault attacks.
12. The secure ECC according to claim 7 , further comprising memory to store intermediate results of the elliptic scalar operations.
13. A method to create a secret-independent operation flow, the method comprising: in an Elliptic Curve Cryptosystem (ECC) that is embedded in a computing system receiving an elliptic point, P/2, and a secret scalar, k, that comprises secret key bit; initializing a value Q to the elliptic point that does not include an initial value at an infinity point; processing the secret key bits of the scalar in sequential steps, wherein processing comprises doubling the value Q, wherein each sequential step comprises performing elliptic operations comprising at least one of elliptical point subtraction or addition; performing an elliptical point subtraction by subtracting the elliptic point, P/2, from the value Q to compute a product kP; and determining a difference between the value Q and the elliptic point outside of a balanced loop configuration to protect a least significant bit from at least one of a power analysis attack or a safe error attack.
14. The method according to claim 13 , wherein the secret scalar comprises a predetermined window width.
15. The method according to claim 13 , wherein the elliptical point subtraction or addition uses pre-calculated values to reduce the number of values to be calculated.
16. The method according to claim 13 , further comprising initializing the value Q to the greatest pre-computed value.
17. The method according to claim 13 , further comprising sequentially processing width bits of the secret scalar.
18. The method according to claim 13 , further comprising generating a sequence that includes no dummy operations and no operations that involve an initial value of infinity.
19. The method according to claim 13 , further comprising applying the method to a scalar fixed-based comb method such that re-using pre-calculated values in the balanced loop configuration reduces a number of pre-calculated values.
20. The method according to claim 13 , further comprising performing a point verification operation that comprises detecting calculation errors by determining whether a result is located on an elliptic curve.
Unknown
November 9, 2021
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.